AIR Console Access Control
To address a security vulnerability involving Host header injection, AIR v4.33 introduces more stringent controls on AIR Console access.
This update enhances security protocols and provides administrators with better control over access settings:
Access Restriction: The AIR Console will now only be accessible through the specific address registered during the initial setup, ensuring that only legitimate requests are processed.
Technical Enforcement: This measure counters manipulations of the Host header that could potentially allow unauthorized access.
Configuration Flexibility: For legitimate access needs from multiple domains or IP addresses, users can specify allowable entries via the AIR_CONSOLE_ADDRESSES environment variable.
Enhanced Security: This change prevents unauthorized access and aligns with best practices for secure network management.
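
The allowlist check described above can be sketched as follows. This is an added example, not Binalyze's implementation: the function names, the sample addresses, and the choice to compare hostnames only (ignoring ports) are assumptions, and the allowed entries are passed in as a list because this page does not give the format of AIR_CONSOLE_ADDRESSES.

```python
from urllib.parse import urlsplit

# Characters that never belong in a bare "host[:port]" value.
FORBIDDEN = set(" \t\r\n/\\@?#,")

def host_only(authority):
    """Return the lowercased hostname from 'host[:port]', or None if malformed."""
    if not authority or FORBIDDEN & set(authority):
        return None
    try:
        parts = urlsplit("//" + authority)
        parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        return None
    host = (parts.hostname or "").rstrip(".").lower()
    return host or None

def build_allowlist(addresses):
    """Normalize registered console addresses (URLs or bare hosts) to hostnames."""
    allowed = set()
    for addr in addresses:
        authority = urlsplit(addr).netloc if "://" in addr else addr.strip()
        host = host_only(authority)
        if host is None:
            raise ValueError(f"bad console address: {addr!r}")
        allowed.add(host)
    return frozenset(allowed)

def host_allowed(headers, allowed):
    """headers: (name, value) pairs as received. True only for one allowlisted Host."""
    hosts = [v.strip() for k, v in headers if k.lower() == "host"]
    if len(hosts) != 1:  # missing or duplicated Host header: reject
        return False
    return host_only(hosts[0]) in allowed  # exact match, never suffix or substring

if __name__ == "__main__":
    # Constructed sample data: hypothetical console addresses and requests.
    allowed = build_allowlist(["https://air.example.internal:8443", "10.0.0.5"])
    for value in ("AIR.example.internal:8443", "10.0.0.5", "other.example",
                  "air.example.internal.other.example", "air.example.internal:80:1"):
        verdict = "accept" if host_allowed([("Host", value)], allowed) else "reject"
        print(f"{value!r}: {verdict}")
```
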
If you are unsure of your AIR Console Address, you can check the config.yml file on one of your assets:
Windows: Program files x86 /binalyze/agent/config.yml
Linux or macOS: /opt/binalyze/agent/config.yml
Troubleshooting Console Access Issues
If you encounter the error message “Invalid Host Header. Host must be the Console Address” when accessing Binalyze AIR, it means the system is enforcing stricter security controls to prevent unauthorized access. This typically occurs after upgrading to AIR Console v4.33 or later. To understand why this happens and how to resolve it, refer to our Resolving the "Invalid Host Header" Error FAQ guide for step-by-step instructions on configuring additional console addresses.